aboutsummaryrefslogtreecommitdiffhomepage
path: root/tests/security
diff options
context:
space:
mode:
authorVirtualTam <virtualtam@flibidi.net>2018-05-10 13:07:51 +0200
committerVirtualTam <virtualtam@flibidi.net>2018-06-02 16:46:06 +0200
commitebf615173824a46de82fa97a165bcfd883db15ce (patch)
tree26374298b3c7f2009ef939c5d5e3d787938581be /tests/security
parentc689e108639a4f6aa9e15928422e14db7cbe30ca (diff)
downloadShaarli-ebf615173824a46de82fa97a165bcfd883db15ce.tar.gz
Shaarli-ebf615173824a46de82fa97a165bcfd883db15ce.tar.zst
Shaarli-ebf615173824a46de82fa97a165bcfd883db15ce.zip
SessionManager: remove unused UID token
There already are dedicated tokens for: - CSRF protection - user stay-signed-in feature, via cookie This token was most likely intended as a randomly generated, server-side, secret key to be used when generating hashes. See http://sebsauvage.net/wiki/doku.php?id=php:session [FR] Relevant section: Une clé secrète unique aléatoire est générée côté serveur (et jamais envoyée). Elle peut servir pour signer les formulaires (HMAC) ou générer des token de formulaires (protection contre XSRF). Voir $_SESSION['uid']. Translation: A unique, server-side secret key is randomly generated (and never transmitted). It can be used to sign forms (HMAC) or generate form tokens (protection against XSRF). See $_SESSION['uid'] Signed-off-by: VirtualTam <virtualtam@flibidi.net>
Diffstat (limited to 'tests/security')
-rw-r--r--tests/security/SessionManagerTest.php13
1 files changed, 0 insertions, 13 deletions
diff --git a/tests/security/SessionManagerTest.php b/tests/security/SessionManagerTest.php
index e1c72707..ae10ffa6 100644
--- a/tests/security/SessionManagerTest.php
+++ b/tests/security/SessionManagerTest.php
@@ -164,7 +164,6 @@ class SessionManagerTest extends TestCase
164 { 164 {
165 $this->sessionManager->storeLoginInfo('ip_id'); 165 $this->sessionManager->storeLoginInfo('ip_id');
166 166
167 $this->assertTrue(isset($this->session['uid']));
168 $this->assertGreaterThan(time(), $this->session['expires_on']); 167 $this->assertGreaterThan(time(), $this->session['expires_on']);
169 $this->assertEquals('ip_id', $this->session['ip']); 168 $this->assertEquals('ip_id', $this->session['ip']);
170 $this->assertEquals('johndoe', $this->session['username']); 169 $this->assertEquals('johndoe', $this->session['username']);
@@ -209,7 +208,6 @@ class SessionManagerTest extends TestCase
209 public function testLogout() 208 public function testLogout()
210 { 209 {
211 $this->session = [ 210 $this->session = [
212 'uid' => 'some-uid',
213 'ip' => 'ip_id', 211 'ip' => 'ip_id',
214 'expires_on' => time() + 1000, 212 'expires_on' => time() + 1000,
215 'username' => 'johndoe', 213 'username' => 'johndoe',
@@ -218,7 +216,6 @@ class SessionManagerTest extends TestCase
218 ]; 216 ];
219 $this->sessionManager->logout(); 217 $this->sessionManager->logout();
220 218
221 $this->assertFalse(isset($this->session['uid']));
222 $this->assertFalse(isset($this->session['ip'])); 219 $this->assertFalse(isset($this->session['ip']));
223 $this->assertFalse(isset($this->session['expires_on'])); 220 $this->assertFalse(isset($this->session['expires_on']));
224 $this->assertFalse(isset($this->session['username'])); 221 $this->assertFalse(isset($this->session['username']));
@@ -227,19 +224,10 @@ class SessionManagerTest extends TestCase
227 } 224 }
228 225
229 /** 226 /**
230 * The session is considered as expired because the UID is missing
231 */
232 public function testHasExpiredNoUid()
233 {
234 $this->assertTrue($this->sessionManager->hasSessionExpired());
235 }
236
237 /**
238 * The session is active and expiration time has been reached 227 * The session is active and expiration time has been reached
239 */ 228 */
240 public function testHasExpiredTimeElapsed() 229 public function testHasExpiredTimeElapsed()
241 { 230 {
242 $this->session['uid'] = 'some-uid';
243 $this->session['expires_on'] = time() - 10; 231 $this->session['expires_on'] = time() - 10;
244 232
245 $this->assertTrue($this->sessionManager->hasSessionExpired()); 233 $this->assertTrue($this->sessionManager->hasSessionExpired());
@@ -250,7 +238,6 @@ class SessionManagerTest extends TestCase
250 */ 238 */
251 public function testHasNotExpired() 239 public function testHasNotExpired()
252 { 240 {
253 $this->session['uid'] = 'some-uid';
254 $this->session['expires_on'] = time() + 1000; 241 $this->session['expires_on'] = time() + 1000;
255 242
256 $this->assertFalse($this->sessionManager->hasSessionExpired()); 243 $this->assertFalse($this->sessionManager->hasSessionExpired());